Fedora Legacy Test Update Notification: zlib

Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> · Wed, 09 Feb 2005 21:16:17 -0500

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2043
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2043
2005-02-09
---------------------------------------------------------------------

Name        : zlib
Versions    : fc1: zlib-1.2.0.7-2.1.legacy
Summary     : The zlib compression and decompression library.
Description :
Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.

---------------------------------------------------------------------
Update Information:

An updated zlib package that fixes a security flaws is now available.

Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.

Johan Thelmen reported that a specially crafted file can cause a
segmentation fault in zlib as the inflate() and inflateBack() functions
do not properly handle errors. An attacker could construct a carefully
crafted file that could cause a crash or possibly execute arbitrary code
when opened. The specific impact depends on the application using zlib.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0797 to this issue.

Users of zlib are advised to upgrade to this errata package, which
contains a backported patch correcting this issue.

---------------------------------------------------------------------
Changelogs

fc1:
* Fri Nov 19 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 1.2.0.7-2.1.legacy
- apply patch for CAN-2004-0797 (FL #2043)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc1:

815ce5cc7d77184e8075d7b81f16ae94f620ffea 
fedora/1/updates-testing/i386/zlib-1.2.0.7-2.1.legacy.i386.rpm

e7364e589e0a06615c3a02235e54619ca58d0997 
fedora/1/updates-testing/i386/zlib-devel-1.2.0.7-2.1.legacy.i386.rpm

4013ab1384694342ed5083f843c2b78d1f4082a7 
fedora/1/updates-testing/SRPMS/zlib-1.2.0.7-2.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
Attachment:
signature.asc

Description: OpenPGP digital signature
--

fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list